Chapter 9

Information Systems Ethics, Computer Crime, and Security

Information Systems TodayInformation Systems TodayLeonard Jessup and Joseph ValacichLeonard Jessup and Joseph Valacich

Chapter 9 Objectives

Understand how computer ethics affects IS Understand how computer ethics affects IS Understand information privacy, accuracy, Understand information privacy, accuracy,

property, and accessibilityproperty, and accessibility Understand types of computer crimeUnderstand types of computer crime Understand the terms virus, worm, Trojan Understand the terms virus, worm, Trojan

horse, and logic or time bombhorse, and logic or time bomb Understand computer securityUnderstand computer security

Information Systems Ethics

Toffler’s three waves of changeToffler’s three waves of change AgricultureAgriculture Industrial RevolutionIndustrial Revolution Information AgeInformation Age

Information Systems Ethics

Computer LiteracyComputer Literacy Knowing how to use a computerKnowing how to use a computer

Digital DivideDigital Divide That gap between those with computer access That gap between those with computer access

and those who don’t have itand those who don’t have it Computer EthicsComputer Ethics

Standards of conduct as they pertain to the use Standards of conduct as they pertain to the use of information systemsof information systems

Information Systems Ethics

PrivacyPrivacy Protecting one’s personal informationProtecting one’s personal information

Identity theftIdentity theft Stealing of another’s social security number, Stealing of another’s social security number,

credit card number, or other personal credit card number, or other personal informationinformation

Information Systems Ethics

Information accuracyInformation accuracy Deals with authentication and fidelity of Deals with authentication and fidelity of

informationinformation Information propertyInformation property

Deals with who owns information about Deals with who owns information about individuals and how information can be sold individuals and how information can be sold and exchangedand exchanged

Information Systems Ethics Information accessibilityInformation accessibility

Deals with what information a person has the Deals with what information a person has the right to obtain about others and how the right to obtain about others and how the information can be usedinformation can be used

Issues in information accessibilityIssues in information accessibility CarnivoreCarnivore Electronic Communications Privacy Act (ECPA)Electronic Communications Privacy Act (ECPA) Monitoring e-mailMonitoring e-mail

Information Systems Ethics The need for a code of ethical conductThe need for a code of ethical conduct

Business ethicsBusiness ethics PlagiarismPlagiarism CybersquattingCybersquatting

Computer Crime Definition:Definition: the act of using a computer to the act of using a computer to

commit an illegal actcommit an illegal act Authorized and unauthorized computer accessAuthorized and unauthorized computer access ExamplesExamples

Stealing time on company computersStealing time on company computersBreaking into government Web sitesBreaking into government Web sitesStealing credit card information Stealing credit card information

Computer Crime Federal and State LawsFederal and State Laws

Stealing or compromising dataStealing or compromising data Gaining unauthorized computer accessGaining unauthorized computer access Violating data belonging to banksViolating data belonging to banks Intercepting communicationsIntercepting communications Threatening to damage computer systemsThreatening to damage computer systems Disseminating virusesDisseminating viruses

Computer Crime Hacking and CrackingHacking and Cracking

Hacker – one who gains unauthorized computer Hacker – one who gains unauthorized computer access, but without doing damageaccess, but without doing damage

Cracker – one who breaks into computer systems Cracker – one who breaks into computer systems for the purpose of doing damagefor the purpose of doing damage

Computer Crime Who commits computer crime?Who commits computer crime?

Computer Crime Types of computer crimeTypes of computer crime

Data diddlingData diddling: modifying data: modifying data Salami slicingSalami slicing: skimming small amounts of money: skimming small amounts of money PhreakingPhreaking: making free long distance calls: making free long distance calls CloningCloning: cellular phone fraud using scanners : cellular phone fraud using scanners CardingCarding: stealing credit card numbers online: stealing credit card numbers online PiggybackingPiggybacking: stealing credit card numbers by spying: stealing credit card numbers by spying Social engineeringSocial engineering: tricking employees to gain access: tricking employees to gain access Dumpster divingDumpster diving: finding private info in garbage cans: finding private info in garbage cans SpoofingSpoofing: stealing passwords through a false login page: stealing passwords through a false login page

Computer Crime Software piracySoftware piracy

North America – 25%North America – 25% Western Europe – 34%Western Europe – 34% Asia / Pacific – 51%Asia / Pacific – 51% Mid East / Africa – 55%Mid East / Africa – 55% Latin America – 58%Latin America – 58% Eastern Europe – 63%Eastern Europe – 63%

Computer Crime Computer viruses and destructive codeComputer viruses and destructive code

Virus – a destructive program that disrupts the normal Virus – a destructive program that disrupts the normal functioning of computer systemsfunctioning of computer systems

Types:Types: Worm: usually does not destroy files; copies itselfWorm: usually does not destroy files; copies itself Trojan horses: Activates without being detected; does Trojan horses: Activates without being detected; does

not copy itselfnot copy itself Logic or time bombs: A type of Trojan horse that stays Logic or time bombs: A type of Trojan horse that stays

dormant for a period of time before activatingdormant for a period of time before activating

Computer Security Computer SecurityComputer Security – precautions taken to keep – precautions taken to keep

computers and the information they contain safe computers and the information they contain safe from unauthorized accessfrom unauthorized access

Computer Security Recommended SafeguardsRecommended Safeguards

Implement a security plan to prevent break-insImplement a security plan to prevent break-ins Have a plan if break-ins do occurHave a plan if break-ins do occur Make backups!Make backups! Only allow access to key employeesOnly allow access to key employees Change passwords frequentlyChange passwords frequently Keep stored information secureKeep stored information secure Use antivirus softwareUse antivirus software Use biometrics for access to computing resourcesUse biometrics for access to computing resources Hire trustworthy employeesHire trustworthy employees

Computer Security EncryptionEncryption – the process of encoding messages – the process of encoding messages

before they enter the network or airwaves, then before they enter the network or airwaves, then decoding them at the receiving end of the transferdecoding them at the receiving end of the transfer

Computer Security How encryption worksHow encryption works

Symmetric secret key systemSymmetric secret key system Both sender and recipient use the same keyBoth sender and recipient use the same key Key management can be a problemKey management can be a problem

Public key technologyPublic key technology A private key and a public keyA private key and a public key

Certificate authorityCertificate authority A trusted middleman verifies that a Web site is a A trusted middleman verifies that a Web site is a

trusted site (provides public keys to trusted partners)trusted site (provides public keys to trusted partners) Secure socket layers (SSL)Secure socket layers (SSL)

Computer Security Other encryption approachesOther encryption approaches

Pretty good privacy (PGP)Pretty good privacy (PGP) Phil ZimmermanPhil Zimmerman

Clipper ChipClipper Chip

Computer Security Internet SecurityInternet Security

Firewall – hardware and software designed to Firewall – hardware and software designed to keep unauthorized users out of network systemskeep unauthorized users out of network systems

Computer Security Virus preventionVirus prevention

Install antivirus softwareInstall antivirus software Make backupsMake backups Avoid unknown sources of sharewareAvoid unknown sources of shareware Delete e-mails from unknown sourcesDelete e-mails from unknown sources If your computer gets a virus…If your computer gets a virus…

Computer Security How to maintain your privacy onlineHow to maintain your privacy online

Choose Web sites monitored by privacy Choose Web sites monitored by privacy advocatesadvocates

Avoid “cookies”Avoid “cookies” Visit sites anonymouslyVisit sites anonymously Use caution when requesting confirming e-mailUse caution when requesting confirming e-mail

Computer Security Avoid getting conned in cyberspaceAvoid getting conned in cyberspace

Internet auctionsInternet auctions Internet accessInternet access International modem dialingInternational modem dialing Web crammingWeb cramming Multilevel marketing (pyramid schemes)Multilevel marketing (pyramid schemes) Travel/vacationsTravel/vacations Business opportunitiesBusiness opportunities InvestmentsInvestments Health-care productsHealth-care products